ICSA-24-214-01
·
Published 2024-08-01
·
View on CISA ICS-CERT ↗
Johnson Controls exacqVision client and exacqVision server
CVSS 8.3
HIGH
Risk Summary
Successful exploitation of this vulnerability could allow an attacker to be able to decrypt communications between exacqVision Server and exacqVision Client due to insufficient key length and exchange.
CVEs (1)
Remediations
- Johnson Controls recommends user to update exacqVision Client and exacqVision Server to version 24.06
- Follow the guidance provided in the exacqVision Hardening Guide under the Password Strengthening section.
- For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2024-14
- Aligning with CISA recommendations, Johnson Controls recommends taking steps to minimize risks to all building automation systems.
Affected Vendors
Johnson Controls Inc.
Affected Products (2)
Johnson Controls Inc.
·
exacqVision client
vers:all/*
Johnson Controls Inc.
·
exacqVision server
vers:all/*
Affected Sectors
Critical Manufacturing, Commercial Facilities, Government Facilities, Transportation Systems, Energy
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more